Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2007-3688 | 1 Dotclear | 1 Dotclear | 2025-04-09 | 2.6 LOW | N/A | Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear 1.2.6 allow remote attackers to perform actions as arbitrary users via the (1) tool_url parameter to ecrire/tools.php and multiple fields on the (2) blogconf, (3) blogroll, (4) ecrire/redacteur.php, and (5) ecrire/user_prefs.php pages. |
| CVE-2006-6750 | 1 Dxmsoft | 1 Xm Easy Personal Ftp Server | 2025-04-09 | 5.0 MEDIUM | N/A | Format string vulnerability in XM Easy Personal FTP Server 5.0.1 allows remote attackers to cause a denial of service (application crash) via format string specifiers in a long PORT command. NOTE: this issue might be related to CVE-2006-2226. |
| CVE-2007-0224 | 1 Virtual Programming | 1 Vp-asp | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginLastname parameter. |
| CVE-2006-5097 | 1 Net2ftp | 1 Net2ftp | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in index.php in net2ftp, possibly 0.1 through 0.62, allows remote attackers to execute arbitrary PHP code via a URL in the application_rootdir parameter. NOTE: this issue has been disputed by a third party researcher, CVE, and the vendor. The vendor says "the variable is set in settings.inc.php, so this is not a vulnerability." |
| CVE-2008-5987 | 1 Gnome | 1 Eog | 2025-04-09 | 6.9 MEDIUM | N/A | Untrusted search path vulnerability in the Python interface in Eye of GNOME (eog) 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). |
| CVE-2007-2763 | 1 Sienzo | 1 Digital Music Mentor | 2025-04-09 | 10.0 HIGH | N/A | Buffer overflow in the UnlockSupport function in the LockModules subsystem in a certain ActiveX control in ltmm15.dll in Sienzo Digital Music Mentor (DMM) 2.6.0.4 allows remote attackers to execute arbitrary code via a long string in the second argument, a different issue than CVE-2007-2564. |
| CVE-2006-7120 | 1 Osu Open Source Lab | 1 Maintain | 2025-04-09 | 10.0 HIGH | N/A | PHP remote file inclusion vulnerability in lib/php/phphtmllib-2.5.4/examples/example6.php for maintain 3.0.0-RC2 allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter. NOTE: this issue might be in phpHtmlLib. NOTE: CVE disputes this issue for proper installations of maintain, since $phphtmllib is set in includes.inc before being used in example6.php. |
| CVE-2007-2947 | 1 David Branco | 1 Openbase | 2025-04-09 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in OpenBASE Alpha 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the root_prefix parameter to (1) index.php, (2) email_subscribe.php, (3) download.php, or (4) development.php. |
| CVE-2006-6483 | 1 Adobe | 1 Coldfusion | 2025-04-09 | 2.6 LOW | N/A | Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonstrated using "%00script" in a tag. |
| CVE-2006-4099 | 1 Businessobjects | 1 Crystal Enterprise | 2025-04-09 | 7.5 HIGH | N/A | Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values. |
| CVE-2006-6262 | 1 Phpjunkyard | 1 Phpjunkyard Mboard | 2025-04-09 | 6.4 MEDIUM | N/A | Directory traversal vulnerability in mboard.php in PHPJunkYard (aka Klemen Stirn) MBoard 1.22 and earlier allows remote attackers to create arbitrary empty files via a .. (dot dot) in the orig_id parameter. |
| CVE-2007-2786 | 1 Ircd-ratbox | 1 Ircd-ratbox | 2025-04-09 | 5.0 MEDIUM | N/A | Ratbox IRC Daemon (aka ircd-ratbox) 2.2.5 and earlier allows remote attackers to cause a denial of service (resource exhaustion) by making many requests from a single client. |
| CVE-2007-3160 | 1 Php Real Estate Classifieds | 1 Php Real Estate Classifieds | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in admin/header.php in PHP Real Estate Classifieds Premium Plus allows remote attackers to execute arbitrary PHP code via a URL in the loc parameter. |
| CVE-2006-6300 | 1 Cutephp | 1 Cutenews | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the result parameter. |
| CVE-2007-4492 | 1 Sun | 1 Solaris | 2025-04-09 | 4.9 MEDIUM | N/A | Multiple unspecified vulnerabilities in the ata disk driver in Sun Solaris 8, 9, and 10 on the x86 platform before 20070821 allow local users to cause a denial of service (system panic) via unspecified ioctl functions, aka Bug 6433123. |
| CVE-2007-2310 | 1 Bloofoxcms | 1 Bloofoxcms | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in plugins/spaw/img_popup.php in BloofoxCMS 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the img_url parameter. |
| CVE-2009-3626 | 1 Perl | 1 Perl | 2025-04-09 | 5.0 MEDIUM | N/A | Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match. |
| CVE-2006-6200 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in the (1) rate_article and (2) rate_complete functions in modules/News/index.php in the News module in Francisco Burzi PHP-Nuke 7.9 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the sid parameter. |
| CVE-2007-2122 | 1 Oracle | 1 Application Server | 2025-04-09 | 10.0 HIGH | N/A | Unspecified vulnerability in the Wireless component in Oracle Application Server 9.0.4.3 has unknown impact and attack vectors, aka AS03. |
| CVE-2007-0302 | 1 Instantasp | 1 Instantasp | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to (a) Logon.aspx, and the (2) Username and (3) Update parameters to (b) Members1.aspx. |
| CVE-2006-6117 | 1 Fipsasp | 1 Fipsgallery | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index1.asp in fipsGallery 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the which parameter. |
| CVE-2009-4378 | 2 Microsoft, Wireshark | 2 Windows, Wireshark | 2025-04-09 | 4.3 MEDIUM | N/A | The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows remote attackers to cause a denial of service (crash) via a crafted packet, related to "formatting a date/time using strftime." |
| CVE-2007-2895 | 1 Lead Technologies | 1 Leadtools Raster Dialog File Object | 2025-04-09 | 7.5 HIGH | N/A | Buffer overflow in a certain ActiveX control in LTRDF14e.DLL 14.5.0.44 in LeadTools Raster Dialog File Object allows remote attackers to execute arbitrary code via a long Directory property value. |
| CVE-2007-1269 | 1 Gnu | 1 Gnumail | 2025-04-09 | 5.0 MEDIUM | N/A | GNUMail 1.1.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents GNUMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. |
| CVE-2007-4076 | 1 Asp Indir | 1 Alisveris Sitesi Script | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in index.asp in Alisveris Sitesi Scripti allow remote attackers to execute arbitrary SQL commands via the (1) product_id or (2) cat_id parameter in a product mod action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2006-6043 | 1 Oliver | 1 Oliver | 2025-04-09 | 6.8 MEDIUM | N/A | PHP file inclusion vulnerability in loginform-inc.php in Oliver (formerly Webshare) 1.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the conf[motdfile] parameter, which is accessed by the file_exists function. |
| CVE-2006-7003 | 1 Fusionphp | 1 Fusion Polls | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in admin/index.php in Fusion Polls allows remote attackers to execute arbitrary PHP code via a URL in the xtrphome parameter. |
| CVE-2007-2971 | 1 Greg Neustaetter | 1 Gcards | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in getnewsitem.php in gCards 1.46 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter. |
| CVE-2007-0289 | 1 Oracle | 1 Application Server | 2025-04-09 | 6.4 MEDIUM | N/A | Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0.4.2 have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J01, (2) OC4J05, and (3) OC4J06. |
| CVE-2006-7072 | 1 Geodesicsolutions | 1 Geoclassifieds Enterprise | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise 2.0.5.2 and earlier allows remote attackers to inject arbitrary web script and HTML via the (1) b[username] and (2) c parameters to (a) index.php, the b[username] parameter to (b) admin/index.php, and (3) c[phone] parameter to register.php. |
| CVE-2006-5744 | 1 Mobilesecure Inc | 2 Highwall Endpoint, Highwall Enterprise | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Highwall Enterprise and Highwall Endpoint 4.0.2.11045 management interface allow remote attackers to execute arbitrary SQL commands via an Access Point with a crafted SSID, and via unspecified vectors related to a malicious system operator. |
| CVE-2007-4529 | 1 Teamspeak | 1 Web Server | 2025-04-09 | 8.5 HIGH | N/A | The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote authenticated users with the ServerAdmin flag to assign Registered users certain privileges, resulting in a privilege set that extends beyond that ServerAdmin's own servers, as demonstrated by the (1) AdminAddServer, (2) AdminDeleteServer, (3) AdminStartServer, and (4) AdminStopServer privileges; and administration of arbitrary virtual servers via a request to a .tscmd URI with a modified serverid parameter, as demonstrated by (a) ... |
| CVE-2007-0096 | 1 Carbon Communities | 1 Carbon Communities | 2025-04-09 | 7.5 HIGH | N/A | CarbonCommunities stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for DataBase/Carbon2.4d.mdb. |
| CVE-2006-4582 | 1 The Address Book | 1 The Address Book | 2025-04-09 | 5.0 MEDIUM | N/A | Cross-site request forgery (CSRF) vulnerability in The Address Book 1.04e allows remote attackers to perform unauthorized actions as other users via unspecified vectors, as demonstrated by deleting arbitrary users via the id parameter in a deleteuser action in users.php. |
| CVE-2007-2890 | 1 Cpcommerce | 1 Cpcommerce | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in category.php in cpCommerce 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id_category parameter. |
| CVE-2007-1509 | 1 Holtstraeter | 1 Rot 13 | 2025-04-09 | 4.3 MEDIUM | N/A | Directory traversal vulnerability in enkrypt.php in Sascha Schroeder krypt (aka Holtstraeter Rot 13) allows remote attackers to read arbitrary files via a .. (dot dot) in the datei parameter. |
| CVE-2007-4240 | 1 Help Center Live | 1 Help Center Live | 2025-04-09 | 7.5 HIGH | N/A | The check_logout function in class/auth.php in Help Center Live (hcl) 2.1.3a sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to delete administrative users and have other unspecified impact via certain requests to (1) admin/departments.php, (2) admin/operators.php, and other unspecified scripts. NOTE: some of these details are obtained from third party information. |
| CVE-2007-0347 | 1 Cvstrac | 1 Cvstrac | 2025-04-09 | 4.3 MEDIUM | N/A | The is_eow function in format.c in CVSTrac before 2.0.1 does not properly check for the "'" (quote) character, which allows remote authenticated users to execute limited SQL injection attacks and cause a denial of service (database error) via a ' character in certain messages, tickets, or Wiki entries. |
| CVE-2007-1828 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 3.5 LOW | N/A | Multiple cross-site scripting (XSS) vulnerabilities in web-app.org WebAPP before 0.9.9.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the QUERY_STRING corresponding to drop downs or (2) various forms. |
| CVE-2008-7014 | 1 Fhttpd | 1 Fhttpd | 2025-04-09 | 5.0 MEDIUM | N/A | fhttpd 0.4.2 allows remote attackers to cause a denial of service (crash) via an Authorization HTTP header with an invalid character after the Basic value. |